Debian Security Advisory DSA 1150-1 (shadow)

Summary
The remote host is missing an update to shadow announced via advisory DSA 1150-1. A bug has been discovered in several packages that execute teh setuid() system call without checking for sucess when trying to drop privileges, which may fail with some PAM configurations.
Solution
For the stable distribution (sarge) this problem has been fixed in version 4.0.3-31sarge8. For the unstable distribution (sid) this problem has been fixed in version 4.0.17-2. We recommend that you upgrade your passwd package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201150-1